NSFOCUS describes PhantomNugget as a modularized malware toolkit, that was spread using EternalBlue. Payloads included a RAT and a XMRig miner.
Tracking driver inventory to unearth rootkits
NuggetPhantom Analysis Report
There is no Yara-Signature yet.